mpegripper
join:2004-11-16
99999 | info-cards
i personally don't want to have to carry an info card around for my desktop pc at home which i use for nothing important (except cs:s  ) |
|
Tomek
Premium
join:2002-01-30
Brooklyn, NY
 ·Packet8
| Too many fronts
In a way, that may solve some problems, but still there are lots of other dangers. I don't use passwords myself on the laptop. I have SmartCard verification integrated into a BIOS.
I truly believe that hardware level security offers the best protection. And MS should focus, as said in the article, on making OS safe from trojans and man-in-the-middle attacks (my favorite )
--
Private First Class of United States Marine Corps |
|
Xure
join:2003-11-14
Beverly Hills, CA
| Are they for real?
Now concentrate the information on one thing so it may be easier to hijack my identity, why don't ya?
I can see it now, instead of piecing all the info together, one just has to get a hold of one file! I can see people clicking on phishing e-mail attachments that "only" swipe your "info-card" and the user is left with a feeling that nothing bad happened.
"Nothing bad", Joe Blow wonders, "I just clicked on this and nothing happened." |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
 ·North State Commun..
| Bruce
Let me start by saying I feel Bruce Schneier is one of the most knowledgable people in the security field and his site is a very good source of info.
I am just wondering why he rarely suggests a solution to the problem, instead of tearing down every little advance that is made?
He should use his knowledge and position of influence to drive viable solutions to our security problems.
Sure two-factor authentication isn't perfect, but it WILL mitigate a lot of the issues we have today.
If your Credit Card number, personal info and website login are compromised, unless it's used before your token changes it's random code (usually every 30 minutes), the info is useless to a would be hacker. The same is true for any phishing schemes.
The real issue is what happens when hackers break into the token authentication system. |
|
dtv-extortion
@us.xo
| "Info-Card" sounds like a re-branded "Smartcard"
Have we not had this ability all along?
AMEX smartcard credit cards have been used to verify online purchases for years now.
"Info-Card" sounds like a re-branded "Smartcard" solution to me!
Do they think a new name is going to bring this method of authentication back to life after DirecTV deemed all smartcard solutions illegal and sent out threat letters to thousands of innocent smartcard researchers/users?
All that will happen is DTV will start sending letters to innocent “Info-Card” users claiming they are illegal as well! |
|
markopoleo
join:2003-04-02
Bonne Terre, MO | You can have the best security in the world..
but useless if you use your first name as your password.
Humans are the weakest link in security.  |
|
The Dv8or
DSLReports Forums -- The Mouse House 2.0
Premium
join:2001-08-09
Danbury, CT
clubs:
| said by markopoleo  :but useless if you use your first name as your password. Humans are the weakest link in security. Exactly. People dont want better security. They want their computing experience to be easier. Domain passwords have been the topic of conversation more than once between a couple of 50something women at lunch. "Oh, well I use my dog's name!" "I like to use my husband's middle name with an 11 at the end". The right guy sitting next to these women could easily wreck a major company.
--
You're so vain... I bet you think this post is about you. |
|
sabersaw
Premium
join:2001-08-21
Dayton, OH
| reply to dtv-extortion
Re: "Info-Card" sounds like a re-branded "Smartcar
said by dtv-extortion:
Have we not had this ability all along?
AMEX smartcard credit cards have been used to verify online purchases for years now.
"Info-Card" sounds like a re-branded "Smartcard" solution to me!
Do they think a new name is going to bring this method of authentication back to life after DirecTV deemed all smartcard solutions illegal and sent out threat letters to thousands of innocent smartcard researchers/users?
All that will happen is DTV will start sending letters to innocent “Info-Card” users claiming they are illegal as well!
yep, sdlogic was a legit company. »www.dbstalk.com/showthread.php?t···xtnewest |
|
RDins
@comcast.net | reply to Xure
Re: Are they for real?
Its already easy to hijack your identity. |
|
tirebiter
join:2002-02-16
Champaign, IL | Nobody Will Use This
Who's going go through all this just to log in to their PC? Home users won't use it at all and few corps will want the overhead of managing lost cards and other problems this will cause. |
|
marketex
Premium
join:2003-11-11
Lansing, IL
| Passport Warmed Over?
Why do the wonderful guys on the campus at Redmond spend so much time trying to get everyone to "entrust" them with information you SHOULD keep in your head, rather than using THEIR heads to seal up the leaky vessel into which they wish us to pour our dearest secrets? HMMMMM?! Could it be the broken promises of MS stock options from der Billster? |
|
lostboy8
join:2005-02-20
| Microsoft doesn't really care about nothing except their own pockets. They are only using this scheme so hackers will have a harder time hacking windows longhorn when it comes out. I agree with one of the previous post that it would put you at a higher jeopardy of getting identity thefted since the would be hacker would just need to target one piece of info now. Why doesn't the federal government just break Microsoft up as they threatened them before. Windows and Office should be two separate entities. I think that way each product would bet better with individual attention. Microsoft is going crazy with all this extracurricular software and services. When it sees a company make money off of an idea. They hafta stick their noses into that part of the field and try to make money too even though they have no clue on what they are doing. All they do is buy a company and milk it for all its worth without really making advances for that software. |
|
Nsane_iceman
Workaholic
Premium
join:2001-02-26
North Richland Hills, TX
clubs: | Double use.
I could see these Info-cards used with the serial number also so you have to have the right card and right number to install the OS. After the OS is in it hides the serial part and lets you addon the passwd and ect. |
|
marketex
Premium
join:2003-11-11
Lansing, IL
|  reply to lostboy8
Re: Passport Warmed Over?
said by lostboy8 :Microsoft doesn't really care about nothing except their own pockets. They are only using this scheme so hackers will have a harder time hacking windows longhorn when it comes out. I agree with one of the previous post that it would put you at a higher jeopardy of getting identity thefted since the would be hacker would just need to target one piece of info now. Why doesn't the federal government just break Microsoft up as they threatened them before. Windows and Office should be two separate entities. I think that way each product would bet better with individual attention. Microsoft is going crazy with all this extracurricular software and services. When it sees a company make money off of an idea. They hafta stick their noses into that part of the field and try to make money too even though they have no clue on what they are doing. All they do is buy a company and milk it for all its worth without really making advances for that software. There is nothing you have said with which I do not agree.
Hear! Hear! |
|
DeeplyShrouded
@comcast.net
| reply to Nsane_iceman
Re: Double use.
With USB devices like 1gb flashdrives,
how about a flashdrive that can't be changed?
Bundle it with the OS, during OS install, it looks for
this drive to read a 1gb length encryption key.
A one-way hash within the install program generates a
complimentary key, if they match, the OS installs.
If not, you're SOOL. If you lose it, you contact MS,
prove you purchased the software (receipt, serial # etc)
and you pay for another hardware key. |
|
